I got hit with a Virus. I need help

BrettB · April 21st, 2001, 02:45 AM

I got hit with a trojan horse virus that currupted my C:\WINDOWS\RUNDLLS.EXE. The Virus was called BackDoor-GK.svr. To get rid of the virus i had to delete the windows file adn i was wondering where I could get another file to replace it?

Thanks for your help.

Bjackso · April 21st, 2001, 02:59 AM

Off your windows install CD?

Also please note that backdoors have many variants. Id be curious if that was the only file it infected. After being infected by a trojen I would reccomend a system wipe/re-install... oh the joy the joy of it all.

Never open untrusted files !

BrettB · April 21st, 2001, 03:02 AM

I would do it off of my windows cd buit i can't find it. Having a backdoor on my system dosent bother me all that much but now i am afraid to close down windows because i fear that it may not reboot.

bhce · April 21st, 2001, 03:05 AM

Okay.... so do you at least have the cab files from the OS?? Either on the hdd or the orignal CD.... You need to use EXTRACT to get the needed file out of the cab file. Since if looks like you have at least a second computer, the current PKZIp for windows (shareware) will also decompress cab files. It will even show you the contents of the cab if you need to search it out...
Don't know how to use EXTRACT??? Go to Microsoft's Knowledgebase and seach for it.... Can't hold your hand all the way...

BrettB · April 21st, 2001, 03:11 AM

What .cab file might the RUNDLLS.EXE be found in?

BrettB · April 21st, 2001, 03:36 AM

Thanks for all of your help you guys/gals. I have fixed the problem or so i think. If not i will be back but till then thanks again.

ShadeInTheDark

Sowulo · April 21st, 2001, 01:20 PM

Quote:

Originally posted by ShadeInTheDark:
Thanks for all of your help you guys/gals. I have fixed the problem or so i think. If not i will be back but till then thanks again.

ShadeInTheDark

It could be very helpful to others if you would post your solution......

BrettB · April 21st, 2001, 06:26 PM

I went through all of the cab files and i reinstalled the Rundlls.exe file that was currupted then i used the Ms config to turn off soem programs running in the back ground and my computer is now running great!

Joker1 · April 22nd, 2001, 01:18 AM

if you have win98 you can also use the system file checker to restore infected, corrupted or missing files.

ooosey · April 24th, 2001, 10:46 AM

I am infected with q virus which infects my windows files and gives it a .vir ending. what virus is this and how do I clear it.

sennister · April 24th, 2001, 05:10 PM

The best cure for a virus short of buying a new HDD is Fdisk.exe. Not too many viruses can survive that. Store all Operating Systems and Programs one drive and get another for all your data. (A small 5-10GB is cheap now and it will hold alot of data.) That way you can get back up and running in no time flat. I have had a few viruses in my career and I just run Fdisk and then re-ghost.... problem solved. If you have a lot of data files you worry about periodically burn them to CD.

Chapin · April 25th, 2001, 09:07 AM

Warning,
If Just save your files to another HDD, then when you ghost the image onto the new HDD then you might be copying the virus as well. If you really need to wipe your drive then is best to lose all your data and not to copy any thing, that should teach you a lesson to install antivirus software and keep your DAT files UP TO DATE.

sennister · April 25th, 2001, 10:07 AM

oops I missed that point. I use Norton AV 2000 and check weekly for new updates. I also check daily on windrivers to see the latest Anti-virus update section. That way I know if something is out between my weekly updates.

FooL · April 25th, 2001, 11:32 AM

Norton and Mcafee both have excellent sites that aid you in manual removal of virii. My suggestion is to take a little bit of time and LEARN about your virus. Read up on and it figure out EXACTLY what it is doing to your system. Only once you understand your virus will you be able to feel safe about your system once you've cleaned it.

Also *note*: If the virus is bad enough to cause a complete system re-load and you do the f-disk thing. Do this command as well-->

fdisk /mbr

/*This command fdisks your Master Boot Record*/ It's a nasty place a virus can hang out and resurface after a perfectly good fdisk/format/clean install.

cabal · April 26th, 2001, 06:47 PM

If you can't find help at the microsoft site for extracting the cab file or getting rid of the virus, Symantec should have help on their site.

April 21st, 2001, 02:45 AM	#1
BrettB Junior Member Join Date: Apr 2001 Location: United States Posts: 5	I got hit with a Virus. I need help I got hit with a trojan horse virus that currupted my C:\WINDOWS\RUNDLLS.EXE. The Virus was called BackDoor-GK.svr. To get rid of the virus i had to delete the windows file adn i was wondering where I could get another file to replace it? Thanks for your help.

April 22nd, 2001, 01:18 AM	#9
Joker1 Registered User Join Date: Mar 2001 Location: Winnipeg Manitoba Posts: 405	if you have win98 you can also use the system file checker to restore infected, corrupted or missing files. __________________ There are no stupid questions! Just stupid (l)users!

April 25th, 2001, 11:32 AM	#14
FooL Registered User Join Date: Nov 2000 Location: Uter Posts: 280	Norton and Mcafee both have excellent sites that aid you in manual removal of virii. My suggestion is to take a little bit of time and LEARN about your virus. Read up on and it figure out EXACTLY what it is doing to your system. Only once you understand your virus will you be able to feel safe about your system once you've cleaned it. Also note: If the virus is bad enough to cause a complete system re-load and you do the f-disk thing. Do this command as well--> fdisk /mbr /This command fdisks your Master Boot Record/ It's a nasty place a virus can hang out and resurface after a perfectly good fdisk/format/clean install. __________________ if(post.eof()){SigBox.setText("Have A Day.");}

April 26th, 2001, 06:47 PM	#15
cabal Registered User Join Date: Feb 2001 Location: Lake Placid,NY Posts: 332	If you can't find help at the microsoft site for extracting the cab file or getting rid of the virus, Symantec should have help on their site. __________________ "You've been livin' on the razor's edge, since you began to shave... Make sure you live, you're a long time dead, cradle to the grave"-Motorhead

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

April 21st, 2001, 02:59 AM	#2
Bjackso Registered User Join Date: Apr 2001 Posts: 44	Off your windows install CD? Also please note that backdoors have many variants. Id be curious if that was the only file it infected. After being infected by a trojen I would reccomend a system wipe/re-install... oh the joy the joy of it all. Never open untrusted files !

April 21st, 2001, 03:02 AM	#3
BrettB Junior Member Join Date: Apr 2001 Location: United States Posts: 5	I would do it off of my windows cd buit i can't find it. Having a backdoor on my system dosent bother me all that much but now i am afraid to close down windows because i fear that it may not reboot.

April 21st, 2001, 03:05 AM	#4
bhce Junior Member Join Date: Apr 2001 Location: West Coast Posts: 1	Okay.... so do you at least have the cab files from the OS?? Either on the hdd or the orignal CD.... You need to use EXTRACT to get the needed file out of the cab file. Since if looks like you have at least a second computer, the current PKZIp for windows (shareware) will also decompress cab files. It will even show you the contents of the cab if you need to search it out... Don't know how to use EXTRACT??? Go to Microsoft's Knowledgebase and seach for it.... Can't hold your hand all the way...

April 21st, 2001, 03:11 AM	#5
BrettB Junior Member Join Date: Apr 2001 Location: United States Posts: 5	What .cab file might the RUNDLLS.EXE be found in?

April 21st, 2001, 03:36 AM	#6
BrettB Junior Member Join Date: Apr 2001 Location: United States Posts: 5	Thanks for all of your help you guys/gals. I have fixed the problem or so i think. If not i will be back but till then thanks again. ShadeInTheDark

April 21st, 2001, 06:26 PM	#8
BrettB Junior Member Join Date: Apr 2001 Location: United States Posts: 5	I went through all of the cab files and i reinstalled the Rundlls.exe file that was currupted then i used the Ms config to turn off soem programs running in the back ground and my computer is now running great!

April 24th, 2001, 10:46 AM	#10
ooosey Junior Member Join Date: Apr 2001 Posts: 1	I am infected with q virus which infects my windows files and gives it a .vir ending. what virus is this and how do I clear it.

April 24th, 2001, 05:10 PM	#11
sennister Registered User Join Date: Apr 2001 Location: Minnesota Posts: 83	The best cure for a virus short of buying a new HDD is Fdisk.exe. Not too many viruses can survive that. Store all Operating Systems and Programs one drive and get another for all your data. (A small 5-10GB is cheap now and it will hold alot of data.) That way you can get back up and running in no time flat. I have had a few viruses in my career and I just run Fdisk and then re-ghost.... problem solved. If you have a lot of data files you worry about periodically burn them to CD.

April 25th, 2001, 09:07 AM	#12
Chapin Registered User Join Date: Feb 2001 Location: Hamilton Ontario, Canada Posts: 39	Warning, If Just save your files to another HDD, then when you ghost the image onto the new HDD then you might be copying the virus as well. If you really need to wipe your drive then is best to lose all your data and not to copy any thing, that should teach you a lesson to install antivirus software and keep your DAT files UP TO DATE.

April 25th, 2001, 10:07 AM	#13
sennister Registered User Join Date: Apr 2001 Location: Minnesota Posts: 83	oops I missed that point. I use Norton AV 2000 and check weekly for new updates. I also check daily on windrivers to see the latest Anti-virus update section. That way I know if something is out between my weekly updates.